Report Wire

Pakistan-based threat actors attacking IITs, Indian Army: Modus operandi, motive, and other details


A new wave of cyber attacks against the Indian Army and the education sector, organised by a Pakistan-based group, has come to light. According to a report by Seqrite, the enterprise arm of Pune-based Quick Heal Technologies, the threat group is known as Transparent Tribe. It has been targeting Indian military entities and educational institutions in the country, such as IITs and NITs. The group is believed to have originated in 2013.

Aim of these attacks? The threat group aims to deceive unsuspecting victims into divulging sensitive information through this sophisticated tactic.

According to the researchers, the group is using a malicious file titled “Revision of Officers posting policy” to lure the Indian Army into compromising their systems. The file is disguised as a legitimate document, but it contains embedded malware designed to exploit vulnerabilities.

The cybersecurity researchers also observed an alarming increase in the targeting of the education sector. According to the report, Transparent Tribe has been targeting India’s prestigious educational institutions such as the Indian Institutes of Technology (IITs), National Institutes of Technology (NITs), and business schools since May 2022. These attacks intensified in the first quarter of 2023, reaching their peak in February, the researchers note.

“The subdivision of the Transparent Tribe, known as SideCopy, has also been identified targeting an Indian defence Organisation. Their modus operandi involves testing a domain hosting malicious file, potentially to serve as a phishing page,” said the researchers.

The security firm notes that the group, dubbed APT36, has cleverly utilised malicious PPAM files masquerading as “Officers posting policy revised final”. For those unaware, a PPAM file is an add-in file used by Microsoft PowerPoint. “These files exploit macro-enabled PowerPoint add-ons (PPAM) to conceal archive files as OLE objects, effectively camouflaging the presence of malware,” said the report.

In its report, Seqrite recommends preventive measures such as exercising caution while downloading files and opening email attachments from unsolicited or untrusted sources.

“Regularly update security software, operating systems, and applications to protect against known vulnerabilities. It is also important to implement robust email filtering and web security solutions to detect and block malicious content,” the researchers advised.
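
A triage check for the PPAM technique the report describes, as an added example (not from Seqrite's report or this article): it opens a PowerPoint add-in as the ZIP package it is and flags a VBA project alongside embedded OLE parts that carry an archive signature. The part names in the constructed sample and the signature heuristic are assumptions; a match marks a file for analysis and is not a verdict.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file header
ARCHIVE_MAGICS = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar",
                  b"7z\xbc\xaf\x27\x1c": "7z"}
MAX_PART = 64 * 1024 * 1024  # skip oversized parts (decompression-bomb guard)

def triage_ppam(data: bytes) -> dict:
    """Inspect an OOXML PowerPoint package (bytes) for macros and OLE-wrapped archives."""
    found = {"has_vba": False, "ole_parts": [], "archives_in_ole": []}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for info in pkg.infolist():
            name = info.filename
            if name.lower().endswith("vbaproject.bin"):
                found["has_vba"] = True  # macro storage part present
                continue
            if info.file_size > MAX_PART:
                continue
            blob = pkg.read(info)
            if not blob.startswith(OLE_MAGIC):
                continue
            found["ole_parts"].append(name)
            # Heuristic: an archive signature inside the OLE container
            for magic, kind in ARCHIVE_MAGICS.items():
                if blob.find(magic, len(OLE_MAGIC)) != -1:
                    found["archives_in_ole"].append((name, kind))
    found["suspicious"] = found["has_vba"] and bool(found["archives_in_ole"])
    return found

def build_sample() -> bytes:
    """Constructed, harmless stand-in for a PPAM; part names are assumed."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("readme.txt", "constructed test data")
    fake_ole = OLE_MAGIC + b"\x00" * 504 + inner.getvalue()
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/vbaProject.bin", OLE_MAGIC + b"\x00" * 504)
        z.writestr("ppt/embeddings/oleObject1.bin", fake_ole)
    return outer.getvalue()

if __name__ == "__main__":
    print(triage_ppam(build_sample()))
```
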

Updated: 26 Jun 2023, 11:46 AM IST
